Closed Bug 1224850 Opened 9 years ago Closed 9 years ago

support.mozilla.org reflected xss

Categories

(support.mozilla.org :: General, defect)

Product:
support.mozilla.org
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1223970

People

(Reporter: muratyilmazlar1, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
Build ID: 20151029151421

Steps to reproduce:

I entered support.mozilla.org and tried few xss vectors on search bar such as <script>alert(1)</script>

And when i entered my fav. payload which is this: '"><svg/onload=confirm(document.domain)>

I gave this alert: http://prntscr.com/92sold


Actual results:

It gaves me alert : support.mozilla.org


Expected results:

I expected the have this alert and i had it. Here is reflected xss alert on support.mozilla.org
It's in the progress of being fixed now. Thank you for reporting it!
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security
You need to log in before you can comment on or make changes to this bug.